author | lonkaars <loek@pipeframe.xyz> | 2021-04-26 11:28:22 +0200 |
---|---|---|
committer | lonkaars <loek@pipeframe.xyz> | 2021-04-26 11:28:22 +0200 |
commit | 62651f981fa6ac6c87ab95b8e52eeca60e80ed6a (patch) | |
tree | 9f3a5bf77967e9e29af4c0fdf37b553c8bd5f8b8 | |
parent | cd89523e5d5411d82031949da040abcac6e88177 (diff) |
update username/email endpoints
-rw-r--r-- | api/auth/login.py | 15 | ||||
-rw-r--r-- | api/readme.md | 66 | ||||
-rw-r--r-- | api/user/modify.py | 56 |
3 files changed, 95 insertions, 42 deletions
diff --git a/api/auth/login.py b/api/auth/login.py index e3d5fde..e0cb406 100644 --- a/api/auth/login.py +++ b/api/auth/login.py @@ -3,6 +3,14 @@ from db import cursor import auth.token as token import passwords +def login_password(user_id, password): + passwd_hash = cursor.execute( + "select password_hash from users where user_id = ?", [user_id] + ).fetchone() + if not passwd_hash: return False + check = passwords.check_password(password, passwd_hash[0]) + return bool(check) + login = Blueprint('login', __name__) @@ -29,11 +37,8 @@ def index(): if user_id == None: return "", 401 # check the password - passwd = cursor.execute( - "select password_hash from users where user_id = ?", [user_id[0]] - ).fetchone() - check = passwords.check_password(password, passwd[0]) - if not check: return "", 401 + valid_password = login_password(user_id[0], password) + if not valid_password: return "", 401 # generate a new authentication token and add it to the users valid token list new_token = token.generate_token() diff --git a/api/readme.md b/api/readme.md index d904f42..cba7625 100644 --- a/api/readme.md +++ b/api/readme.md @@ -84,8 +84,7 @@ API return type classes are mostly defined in api/api.ts ```ts { - id: - userID; + id: userID; } ``` @@ -127,8 +126,7 @@ API return type classes are mostly defined in api/api.ts ```ts { - id: - userID; + id: userID; } ``` @@ -196,8 +194,7 @@ returns error when image is not .png or larger than 256x256 ```ts { - image: - base64PNG; + image: base64PNG; } ``` @@ -216,8 +213,7 @@ returns error when image is not .png or larger than 256x256 ```ts { - preferences: - userPreferences; + preferences: userPreferences; } ``` @@ -232,8 +228,7 @@ returns error when image is not .png or larger than 256x256 ```ts { - newPreferences: - userPreferences; + newPreferences: userPreferences; } ``` @@ -304,8 +299,7 @@ returns error when image is not .png or larger than 256x256 ```ts { - status: - string; + status: string; } ``` 
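Review bot: In api/auth/login.py, the new `login_password` hands `password` to `passwords.check_password` without checking its type, and api/user/modify.py now calls it for re-authentication with a value taken straight from `request.get_json()`. A JSON number or object for `password` passes the `if not password` test in that wrapper, so depending on how `check_password` (not visible here) treats non-strings, the request may end in an unhandled exception rather than a 401. Adding `if not isinstance(password, str): return False` as the first line of `login_password` covers both callers. A one-line docstring such as `"""Return True only if user_id exists and password matches its stored hash."""` would also make the False-on-unknown-user contract explicit.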
@@ -322,8 +316,7 @@ returns error when image is not .png or larger than 256x256 ```ts { - id: - userID; + id: userID; } ``` @@ -340,8 +333,7 @@ returns error when image is not .png or larger than 256x256 ```ts { - id: - userID; + id: userID; } ``` @@ -358,8 +350,7 @@ returns error when image is not .png or larger than 256x256 ```ts { - id: - userID; + id: userID; } ``` @@ -376,8 +367,7 @@ returns error when image is not .png or larger than 256x256 ```ts { - query: - string; + query: string; } ``` @@ -386,7 +376,9 @@ returns error when image is not .png or larger than 256x256 <td> ```ts -{ results: Array<userInfo> } +{ + results: Array<userInfo> +} ``` </td> @@ -400,8 +392,7 @@ returns error when image is not .png or larger than 256x256 ```ts { - id: - userID; + id: userID; } ``` @@ -418,8 +409,7 @@ returns error when image is not .png or larger than 256x256 ```ts { - id: - userID; + id: userID; } ``` @@ -437,7 +427,9 @@ returns error when image is not .png or larger than 256x256 <td> ```ts -{ requests: Array<userInfo> } +{ + requests: Array<userInfo> +} ``` </td> @@ -452,7 +444,9 @@ returns error when image is not .png or larger than 256x256 <td> ```ts -{ blocks: Array<userInfo> } +{ + blocks: Array<userInfo> +} ``` </td> @@ -467,7 +461,9 @@ returns error when image is not .png or larger than 256x256 <td> ```ts -{ friends: Array<userInfo> } +{ + friends: Array<userInfo> +} ``` </td> @@ -519,8 +515,7 @@ returns error when image is not .png or larger than 256x256 ```ts { - id: - gameID; + id: gameID; } ``` @@ -530,7 +525,7 @@ returns error when image is not .png or larger than 256x256 ```ts { - gameInfo; + gameInfo; } ``` @@ -545,8 +540,7 @@ returns error when image is not .png or larger than 256x256 ```ts { - id: - gameID; + id: gameID; } ``` @@ -573,8 +567,7 @@ returns error when image is not .png or larger than 256x256 ```ts { - id: - gameID; + id: gameID; } ``` 
@@ -603,8 +596,7 @@ returns error when image is not .png or larger than 256x256 ```ts { - code: - string; + code: string; } ``` diff --git a/api/user/modify.py b/api/user/modify.py new file mode 100644 index 0000000..a8066a1 --- /dev/null +++ b/api/user/modify.py @@ -0,0 +1,56 @@ +from flask import Blueprint, request +from db import cursor, connection +from hierarchy import auth_required +from auth.login import login_password + + +def login_and_password(func): + @auth_required("user") + def wrapper(user_id): + data = request.get_json() + if not data: return "", 400 + + password = data.get("password") + if not password: return "", 401 + + if not login_password(user_id, password): return "", 401 + + return func(user_id) + return wrapper + + +def modify_user_info(type): + @login_and_password + def index(user_id): + data = request.get_json() + if not data: return "", 400 + + new_value = data.get(type) + if not new_value: return "", 401 + + # check if already taken + taken = cursor.execute(f"select count(user_id) from users where lower({type}) = lower(?)", [new_value]).fetchone() + if taken[0] > 0: return "", 403 + + # update + cursor.execute(f"update users set {type} = ? where user_id = ?", [new_value, user_id]) + connection.commit() + return "", 200 + return index + + +modify_username = Blueprint('modify_username', __name__) +modify_username.add_url_rule( + '/username', 'route', modify_user_info("username"), methods=["POST"] +) + +modify_email = Blueprint('modify_email', __name__) +modify_email.add_url_rule( + '/email', 'route', modify_user_info("email"), methods=["POST"] +) + + +dynamic_routes = [ + ["/user", modify_username], + ["/user", modify_email] + ] |
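Review bot: In api/user/modify.py, `modify_user_info` formats its `type` argument directly into both SQL statements as a column name (`lower({type})` and `set {type} = ?`), which is safe only while every caller passes a literal, as the two at the bottom of the file do. Pinning that in the factory, e.g. `if type not in ("username", "email"): raise ValueError(type)` before `index` is defined, keeps a later caller from turning it into an injection point; renaming the parameter would also stop it shadowing the builtin `type`. `new_value` is bound without a type check or any of the format validation a username or e-mail would normally get, and a missing value returns 401 where 400 would match the earlier `if not data` branch. The taken-check and the update are separate statements, so unless the `users` table has a unique constraint (not visible here), two concurrent requests could both pass the check.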